CVE-2020-3358: Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial of Service Vulnerability
First published: Thu Jul 16 2020(Updated: )
A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause a reload, resulting in a DoS condition.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Rv340 Dual Wan Gigabit Vpn Router Firmware | <1.0.03.18 | |
| Cisco Rv340 Dual Wan Gigabit Vpn Router | ||
| Cisco Rv340w Dual Wan Gigabit Wireless-ac Vpn Router Firmware | <1.0.03.18 | |
| Cisco Rv340w Dual Wan Gigabit Wireless-ac Vpn Router | ||
| Cisco Rv345 Dual Wan Gigabit Vpn Router Firmware | <1.0.03.18 | |
| Cisco Rv345 Dual Wan Gigabit Vpn Router | ||
| Cisco Rv345p Dual Wan Gigabit Poe Vpn Router Firmware | <1.0.03.18 | |
| Cisco Rv345p Dual Wan Gigabit Poe Vpn Router |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-3358.
What is the severity of CVE-2020-3358?
The severity of CVE-2020-3358 is high with a score of 8.6 out of 10.
What is the affected software for CVE-2020-3358?
The affected software for CVE-2020-3358 is Cisco Small Business RV VPN Routers with firmware version up to 1.0.03.18.
What is the impact of CVE-2020-3358?
The vulnerability in SSL VPN feature of Cisco Small Business RV VPN Routers can allow an unauthenticated attacker to cause the device to unexpectedly restart, resulting in a denial of service (DoS) condition.
Is there a fix available for CVE-2020-3358?
Yes, Cisco has released a software update to address this vulnerability. Please refer to the Cisco Security Advisory for more information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/author
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco rv340 dual wan gigabit vpn router firmware
- canonical/cisco rv340 dual wan gigabit vpn router
- canonical/cisco rv340w dual wan gigabit wireless-ac vpn router firmware
- canonical/cisco rv340w dual wan gigabit wireless-ac vpn router
- canonical/cisco rv345 dual wan gigabit vpn router firmware
- canonical/cisco rv345 dual wan gigabit vpn router
- canonical/cisco rv345p dual wan gigabit poe vpn router firmware
- canonical/cisco rv345p dual wan gigabit poe vpn router